
WO2016110601A1 - Method for generating a digital identity of a user of a mobile device, user digital identity, and authentication method using said user digital identity - Google Patents

Method for generating a digital identity of a user of a mobile device, user digital identity, and authentication method using said user digital identity

Info

Publication number: WO2016110601A1
Authority: WO (WIPO (PCT))
Prior art keywords: mobile, user, identity, application, digital
Legal status: Ceased
Application number: PCT/ES2015/070001
Other languages: English (en), Spanish (es)
Inventors: Jordi MASÍAS, Xavier TARRÉS, Roger OLIVET
Current assignee: Ebiid products & Solutions SL
Original assignee: Ebiid products & Solutions SL
Priority date: 2015-01-05
Filing date: 2015-01-05
Publication date: 2016-07-14
Application filed by Ebiid products & Solutions SL
Priority to EP15845504.8A (EP3065435A4), US15/027,110 (US20160360403A1), PCT/ES2015/070001 (WO2016110601A1), ES201690020A (ES2589141B1)


Classifications

    • H04 ELECTRIC COMMUNICATION TECHNIQUE (section H ELECTRICITY), subclasses H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION, and H04W WIRELESS COMMUNICATION NETWORKS
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 involving a third party or a trusted authority > H04L 9/3213 using tickets or tokens, e.g. Kerberos
    • H04L 9/3247 involving digital signatures
    • H04L 9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements > H04L 9/3268 using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 for authentication of entities > H04L 63/0823 using certificates
    • H04L 63/16 Implementing security features at a particular protocol layer > H04L 63/168 above the transport layer
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/06 Authentication
    • H04W 12/30 Security of mobile devices; Security of mobile applications > H04W 12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H04W 12/60 Context-dependent security > H04W 12/69 Identity-dependent > H04W 12/72 Subscriber identity

Definitions

  • The present invention falls within the field of authentication systems between two parties, one of them being the user of a mobile device, based on PKI (Public Key Infrastructure) technology and electronic certificates, independently of the Certification Authority and of the telephony operator.
  • In general, the main objective of an authentication system is to verify the identity of a user who intends to access a remote system, or to verify the authorship of an act.
  • Different authentication elements or factors can be used: something you have (card, phone, mobile phone line, ...); something you know (password, PIN, one-time password or OTP); or some biometric characteristic of the user (iris, voice, fingerprint, etc.).
  • The party requesting authentication is usually an online application, accessed from a browser, through an application, or in person.
  • Such applications commonly rely on a single authentication factor, usually a password, which they validate themselves, or they delegate the verification to third parties (e.g., Facebook Connect, OAuth).
  • Some systems implement a second factor; for this it is customary to combine something the user knows (PIN or password) with something the user has, which is unique and very difficult to replicate.
  • This second factor is usually a physical device that only the user possesses, which allows the system requesting authentication to confirm that the identified user holds that device at the precise moment authentication is requested (for example, by calling the mobile phone, which proves possession of the SIM card; by sending a single-use password via SMS; or with an OTP-generating application).
  • A Mobile Signature system that uses asymmetric cryptographic keys offers notable advantages, since it mitigates the inherent risk of an out-of-band authentication system: the system requires the legitimate site to send the user a summary of the operation to be authorized, so the user always knows what he is about to authorize.
  • This Mobile Signature system is based on the use of digital certificates for authentication. The use of a private key protected by a PIN, generated and stored on a mobile device, allows third-party applications to verify the identity of the requester, which has previously been certified by a Certification Authority.
  • The architecture of a Mobile Signature system basically consists of three parts: 1) the user, who tries to access the system of 2) the client, which requests the user's authentication from 3) the registration and authentication system, which is responsible for maintaining a registry of users and registered identities and for establishing a secure channel between the client and the user during the authentication process.
  • The present invention solves the problems described above by means of a distributed digital identity generation system, the digital identity being associated with the mobile device on which the keys are created through a mobile application.
  • A first aspect of the invention relates to a method of generating a digital identity of a user of a mobile device, the user's digital identity being based on a digital certificate generated by a certification authority, where the mobile device has an associated first mobile identification number (e.g., the MSISDN);
  • the user having access to an executable application installed either on the mobile device or on a second device capable of running the application, which: contains a key container capable of storing at least one public key and one private key associated with said first mobile identification number; has an associated unique application identifier; and includes connection logic with a mobile identity server.
  • The application may be installed on a second device, such as a tablet or another smart device, different from the mobile device with which the first mobile identification number is associated.
  • In that case the user's mobile digital identity is still associated with said first mobile identification number, but resides in the application on the second device.
  • The certificate and the generated digital identity reside in the application, not in the SIM card of the mobile device, so the invention gives the user freedom from the requirements of the mobile operator.
  • The method preferably further comprises a prior stage of registering the user of the mobile device, comprising: i) sending from the mobile device a request for registration of said first mobile identification number to the mobile identity server;
  • Another aspect of the invention relates to a digital ident­ity of a user of a mobile device, the mobile device having an associated first mobile identification number (such as the MSISDN) and the user having access to an executable application installed on said mobile device or on a second device capable of running the application.
  • The digital identity is generated by and resides in the mobile application, downloaded on said mobile device or on said second device capable of executing the application, and comprises the first mobile identity number, a digital certificate of said user generated by a certification authority, and a unique identifier of said application.
  • The digital identity may also include additional data related to the user's identity, such as name, surname, postal address and/or email.
  • The invention also relates to a method of authenticating a user of a mobile device against a server of a client through a mobile identity server, the method comprising:
  • The document signing process can be carried out online, if there is a connection to the mobile identity server, or offline, if for example there is no coverage at that moment, signing in an environment without outside connectivity thanks to the application installed and resident on the mobile device (or, where appropriate, on the user's second device where the application is installed).
  • The ability of the authentication procedure of the invention to authenticate the user, sign documents or carry out transactions both online and offline is very important, because the user does not always have good coverage on the mobile device.
  • The process of the invention allows transactions to be carried out, documents to be signed and other services to be accessed without a connection, and subsequently synchronizes automatically with the server when the connection is recovered, without intervention and transparently for the user.
  • The invention also relates to an application that can be installed on a mobile device or on a second device capable of executing said application, to generate a digital identity of a user of said mobile device, the mobile device having an associated first mobile identification number.
  • The application comprises a key container, a unique application identifier and connection logic with a mobile identity server.
  • The application is configured to generate the user's mobile digital identity from the first mobile identity number, a digital certificate of said user generated by a certification authority and the unique application identifier.
  • The application is preferably downloadable from a secure application platform, that is, one that guarantees the integrity of the applications at the time they are installed on the devices.
  • The invention allows generating, and in accordance with the preferred embodiments preferably also managing, a digital identity of the user on the mobile device, or mobile digital identity.
  • The user can access a series of products or services offered by a client, after an authentication process of said mobile digital identity, with the same legal guarantees as if the user had authenticated with a natural-person digital certificate.
  • This digital identity, generated and installed on the user's device, can be used for multiple registrations and services and is not linked to a single service or certification authority, supporting all recognized standard market certificates.
  • Figure 1 shows a diagram of the main elements involved in the system of the invention according to a particular implementation thereof.
  • Figure 2 shows the exchange of messages between the different elements of the system to carry out the authentication.
  • Authentication is carried out through an identity management system based on digital certificates, distributed through applications installed on the user's smart mobile device or smartphone.
  • The proposed solution uses the user's own mobile device as the certificate custody device, minimizing costs and facilitating use.
  • The system consists mainly of three elements:
  • a user 100 who has a mobile phone or smartphone 10 on which a mobile application 11 is installed;
  • a server 20 of a client (or "Relying Party") to which the user wants to authenticate; and
  • a mobile identity registration and authentication server 30, RIDM.
  • The application 11 installed on the user's smartphone 10 is distributed through application platforms such as Google Play or the Apple App Store, platforms that in themselves guarantee the origin (authenticity) and integrity of the software installed on mobile devices (the applications are digitally signed by the publisher).
  • Embedded within this application is the connection logic with the RIDM server 30, as well as an asymmetric key container (public and private keys) and the digital certificate obtained by the application.
  • The mobile digital identity registration and authentication server is based on a public key infrastructure (PKI); that is, it is an entity linked to a Certification Authority and enabled to manage identity verification for the issuance of digital certificates.
  • The mobile digital identity is constituted from the mobile phone number (MSISDN), a user identity number (such as, for example, the national ID number), plus a unique identifier associated with each application.
  • The user's mobile digital identity may include other data associated with the user's identity, such as the name, surname and/or email address of the user.
  • The RIDM server 30 is responsible for registering the user's mobile number in order to verify the MSISDN mobile phone number. To do this, as the first step of the registration process, the mobile application sends a registration request for the MSISDN to the RIDM server 30, containing the MSISDN mobile phone number.
  • Upon receiving the request, the RIDM server 30 verifies that the received MSISDN is not already registered, or that the identity associated with that number is not in an active state, and generates a random code (e.g., of 5 digits) that it sends by SMS to the mobile phone number provided, storing only the code's hash (SHA-1). Upon receiving the SMS, the user must enter the random code in the mobile application to indicate to the RIDM server 30 that the registration process was successful; on receiving the code, the RIDM server 30 verifies whether it matches the code previously sent.
  • The user can also register by receiving the SMS on a mobile phone and then entering the code in the application installed on a tablet, thereby verifying possession of the telephone line of that MSISDN. Once the MSISDN registration is done, the application 11 carries out the process of creating a digital identity for the user.
  • The user communicates his identification data (for example: name, surname, DNI, email) to the RIDM server, either through the application 11 or by other non-automated means (email, manual entry), and once said data is registered the RIDM server 30 generates a unique activation code.
  • This unique activation code must be communicated to the user through some type of out-of-band channel, for example by post or hand delivery.
  • This unique activation code must be entered by the user in the mobile application 11.
  • The application then sends the activation code to the RIDM server, which verifies that it matches the one initially issued and that it corresponds to the identity of the user.
  • The next step begins with the positive response from the RIDM server 30 to the application 11.
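The registration and activation stages just described, as an added Go example that is not the patent's or Ebiid's code. It models the RIDM state for one MSISDN: the 5-digit SMS code is drawn with crypto/rand and only its SHA-1 hash is kept, as the text states; the typed code is compared in constant time; the activation code reuses the same path but is handed back to the caller for out-of-band delivery rather than pushed to the app. The attempt limit, code lifetimes, the 8-digit activation code length and all type and function names are assumptions. One caveat the text does not make: a 5-digit code has only 10^5 possible values, so storing its SHA-1 hash does not protect it from anyone who can read the hash; the expiry and attempt limit are what keep online guessing impractical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical in-memory model of the RIDM registration stages (added example, not the patent's code).
var (
	ErrAlreadyActive = errors.New("identity for this MSISDN is already active")
	ErrNoPending     = errors.New("no valid pending code for this MSISDN")
	ErrMismatch      = errors.New("code does not match")
	ErrNotVerified   = errors.New("ownership of the MSISDN has not been verified")
)

// oneTimeCode holds only the SHA-1 hash of a code, as the text describes. A 5-digit code has just 10^5
// values, so the hash is trivially inverted offline; expiry and the attempt limit curb online guessing.
type oneTimeCode struct {
	hash     [sha1.Size]byte
	expires  time.Time
	attempts int
}

// Registry is the RIDM's view of each MSISDN across the stages of the registration process.
type Registry struct {
	now              func() time.Time
	sms, activation  map[string]*oneTimeCode // MSISDN -> outstanding SMS code / activation code
	verified, active map[string]bool
}

func NewRegistry(now func() time.Time) *Registry {
	return &Registry{now: now, sms: map[string]*oneTimeCode{}, activation: map[string]*oneTimeCode{},
		verified: map[string]bool{}, active: map[string]bool{}}
}

// issue draws a uniformly random decimal code with crypto/rand, stores its hash and returns the code for delivery.
func (r *Registry) issue(codes map[string]*oneTimeCode, msisdn string, digits int, ttl time.Duration) (string, error) {
	limit := new(big.Int).Exp(big.NewInt(10), big.NewInt(int64(digits)), nil)
	n, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%0*d", digits, n.Int64())
	codes[msisdn] = &oneTimeCode{hash: sha1.Sum([]byte(code)), expires: r.now().Add(ttl)}
	return code, nil
}

// redeem hashes what the user typed and compares it with the stored hash in constant time.
func (r *Registry) redeem(codes map[string]*oneTimeCode, msisdn, typed string) error {
	c, ok := codes[msisdn]
	if !ok || r.now().After(c.expires) || c.attempts >= 3 { // 3 attempts is an assumed limit
		return ErrNoPending
	}
	c.attempts++
	if got := sha1.Sum([]byte(typed)); subtle.ConstantTimeCompare(got[:], c.hash[:]) != 1 {
		return ErrMismatch
	}
	delete(codes, msisdn) // single use
	return nil
}

// RequestRegistration (step i): refuse an MSISDN whose identity is already active, else issue the 5-digit SMS code.
func (r *Registry) RequestRegistration(msisdn string) (string, error) {
	if r.active[msisdn] {
		return "", ErrAlreadyActive
	}
	return r.issue(r.sms, msisdn, 5, 5*time.Minute) // validity period is an assumption
}

// ConfirmSMSCode: the user types the code received by SMS into the app, which forwards it to the RIDM.
func (r *Registry) ConfirmSMSCode(msisdn, typed string) error {
	if err := r.redeem(r.sms, msisdn, typed); err != nil {
		return err
	}
	r.verified[msisdn] = true
	return nil
}

// IssueActivationCode: after the identification data is recorded; the code goes to the user out of band, never to the app.
func (r *Registry) IssueActivationCode(msisdn string) (string, error) {
	if !r.verified[msisdn] {
		return "", ErrNotVerified
	}
	return r.issue(r.activation, msisdn, 8, 72*time.Hour) // length and validity are assumptions
}

// Activate: a matching activation code makes the identity active; the app may then create its key pair and PKCS#10 request.
func (r *Registry) Activate(msisdn, typed string) error {
	if err := r.redeem(r.activation, msisdn, typed); err != nil {
		return err
	}
	r.active[msisdn] = true
	return nil
}
```

Both codes go through the same issue/redeem path; what differs is the delivery channel (SMS for the line check, post or hand delivery for activation) and the gating: no activation code is issued until the line has been proven, and no second registration is accepted for an active identity.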
  • The key container is then initialized as a PKCS#12 container, protected by a user-defined PIN, and a pair of asymmetric keys is generated: a private key and a public key.
  • The application builds a certificate signing request (CSR) in PKCS#10 format, which is sent to the RIDM server.
  • The RIDM uses the information contained in the PKCS#10 request (the request for issuance of the not yet issued digital certificate) to complete the registration of the user's mobile digital identity. Once the registration is updated, the RIDM forwards the CSR to the certification authority (CA) so that it signs it and thus issues the certificate. Once issued, the certificate is returned to the RIDM, which in turn delivers it to the user's application through a PUSH message.
  • The digital certificate is not stored on the RIDM server but in the application, so electronic signatures can be generated and the authentication process performed without being connected to the RIDM.
  • Managing communication with the server through PUSH technology avoids the costs to the user carried by other types of messages, such as SMS.
  • The application, and in particular a part of the application dedicated exclusively to this purpose within the mechanism for running programs safely and in isolation (known as the sandbox), safeguards the key pair and the certificate; the application is therefore capable of performing cryptographic operations without an internet connection.
  • When a user tries to access a remote server of a client 20 that requires prior authentication (step p1), an authentication process is initiated.
  • The client server 20 asks the RIDM server 30 to verify the digital identity that the user has presented (step p2).
  • The RIDM server 30 checks whether a digital identity has been created for that MSISDN mobile phone number (step p3).
  • The RIDM server 30, using the notification systems of the application platforms (such as GCM, Google Cloud Messaging, or APN, Apple Push Notifications), sends a notification to the application 11 (step p4).
  • Each application has a unique application identifier that is communicated the first time the application contacts the RIDM server 30. This allows different systems and different applications to coexist for the same user. Thanks to this unique identifier, the RIDM server 30 can send PUSH messages to the application.
  • If the digital identity for that MSISDN has been created, the RIDM sends a PUSH notification (step p5) to the user's application 11. In this notification it sends a token 40 generated with random data and information related to the process to be authenticated (a message, the telephone number and the type of operation).
  • The user's application 11 receives the authentication notification and asks the user to enter the PIN that protects his private key in order to sign the received token (step p6). Biometric recognition could be used as an alternative to the PIN on mobile devices or smartphones that support it.
  • The application 11 installed on the mobile returns the digitally signed token to the RIDM server (step p8), for example using a web service (SOAP) over HTTPS as the transport; the RIDM verifies the signature (step p9) and notifies the client's remote site (step p10) that the authentication has been successful.
  • The user 100 confirms that he wishes to continue with the transaction for which he has been authenticated (step p11), and the client server 20 authorizes the corresponding transaction (step p12).
  • The server 20 generates a series of evidence records centred on a "ticket" as the unit of information. Once the entire authentication process has been completed, the ticket is signed and a time stamp is added. The system safeguards this evidence.
  • In accordance with the provisions of European Regulation No. 910/2014, the trusted third party must provide and safeguard this evidence within a reliable environment.
  • The system described above can also be used to digitally sign any electronic document.
  • The digital signature process is performed analogously to the authentication process, sending, instead of the token, the hash of the document to be signed (a fixed-length 'summary' of the document, e.g. SHA-1), a URL with a rendered image of the document to be signed and another URL with the original document to be signed.
  • The user can then visually verify on his mobile terminal what data he is going to sign.
  • Unlike channels whose capacity is limited by design, the high-capacity channels of mobile devices such as smartphones (3G, 4G, WiFi) allow attaching data such as the entire document or images that help the user check the data to be signed.
  • The actor who launches the signing act can choose the format in which the action is carried out, PAdES, XAdES and other formats that may come in the future, given the capacity to extend the module in charge of electronic signature management.
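The challenge-response of steps p3 to p9, as an added Go example that is not the patent's code; the same exchange covers the document-signing variant just described, with the operation set to "sign" and the message carrying the document hash. The RIDM issues a token of random data plus the operation context, keeps its own copy, and later verifies the app's signature over that stored copy, so each nonce is single-use and the signature commits to the operation and message the user saw rather than to the nonce alone. Field names, the 16-byte nonce, the two-minute lifetime, ECDSA P-256 and SHA-256 are assumptions; the PIN unlock of the private key is outside the example. The text's example document digest is SHA-1, which is no longer collision-resistant; the example hashes with SHA-256.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Added example of the challenge-response in steps p3 to p9 (not the patent's code). The token is
// random data plus the operation context shown to the user; the RIDM keeps its own copy and verifies
// the signature over that copy, so a token is usable once and only for the operation it was issued
// for. Field names and the token lifetime are assumptions.
type Token struct {
	Nonce     []byte
	MSISDN    string
	Operation string // e.g. "login"; for document signing, "sign" with Message set to the document hash
	Message   string
	Expires   time.Time
}

var (
	ErrUnknownIdentity = errors.New("no mobile digital identity for this MSISDN")
	ErrUnknownToken    = errors.New("token unknown, expired or already used")
	ErrBadSignature    = errors.New("signature does not verify under the registered key")
)

// AuthServer is the RIDM side: registered public keys and tokens awaiting a signature.
type AuthServer struct {
	now     func() time.Time
	pubKeys map[string]*ecdsa.PublicKey // MSISDN -> public key of the issued certificate
	pending map[string]Token            // hex(nonce) -> token
}

func NewAuthServer(now func() time.Time) *AuthServer {
	return &AuthServer{now: now, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string]Token{}}
}

// NewDeviceKey generates the key pair kept in the app's key container (P-256 is an assumption).
func NewDeviceKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// RegisterIdentity records the key certified at enrolment (end of the identity creation process).
func (s *AuthServer) RegisterIdentity(msisdn string, pub *ecdsa.PublicKey) { s.pubKeys[msisdn] = pub }

// NewToken (steps p3 and p5): check that an identity exists for the MSISDN, then build the token
// that the RIDM pushes to the application.
func (s *AuthServer) NewToken(msisdn, operation, message string) (Token, error) {
	if _, ok := s.pubKeys[msisdn]; !ok {
		return Token{}, ErrUnknownIdentity
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Token{}, err
	}
	tok := Token{Nonce: nonce, MSISDN: msisdn, Operation: operation, Message: message,
		Expires: s.now().Add(2 * time.Minute)}
	s.pending[hex.EncodeToString(nonce)] = tok
	return tok, nil
}

// digest is what actually gets signed: SHA-256 over an unambiguous serialisation of every field, so
// the signature commits to the operation and message the user saw, not just to the nonce.
func digest(tok Token) []byte {
	s := fmt.Sprintf("%x|%q|%q|%q|%d", tok.Nonce, tok.MSISDN, tok.Operation, tok.Message, tok.Expires.Unix())
	sum := sha256.Sum256([]byte(s))
	return sum[:]
}

// SignToken runs in the app (steps p6 to p8) after the user has approved the displayed operation
// and unlocked the private key with the PIN (PIN handling itself is not modelled here).
func SignToken(key *ecdsa.PrivateKey, tok Token) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, digest(tok))
}

// Verify (step p9): find the token by nonce, verify the signature over the server's own copy (so a
// client that edits msisdn, operation or message fails) and burn the nonce whatever the outcome.
func (s *AuthServer) Verify(nonce, sig []byte) (Token, error) {
	k := hex.EncodeToString(nonce)
	tok, ok := s.pending[k]
	delete(s.pending, k)
	if !ok || s.now().After(tok.Expires) {
		return Token{}, ErrUnknownToken
	}
	pub, ok := s.pubKeys[tok.MSISDN]
	if !ok || !ecdsa.VerifyASN1(pub, digest(tok), sig) {
		return Token{}, ErrBadSignature
	}
	return tok, nil
}
```

Because the RIDM verifies against the copy it stored, a signed token cannot be replayed (the nonce is deleted on first use), cannot be transferred to another MSISDN, and cannot be re-pointed at a different operation or document hash than the one pushed to the user.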
  • The system of the present invention also allows the authentication functionality to be added directly to clients' applications (apps) that are distributed and installed on mobile devices, through the use of libraries. The authentication process is then performed locally, on the mobile device that contains both applications.
  • The user can identify himself remotely in a secure way through the digital identity resident in his application, which can be installed on the mobile device identified by the MSISDN or on another smart device, such as a tablet or similar, to which the user of the digital identity also has access.
  • The RIDM mobile digital identity server or registry associates each user's mobile phone number with specific data of that user (e.g., through their digital certificate), thus providing each user with a mobile digital identity or accreditation.
  • The main field of application of the invention is wherever a "safe use of electronic services" is required, with the aim that any provider of telematic services can consume this mobile digital identity in an open way from the cloud; and also services in which "privacy" is required, since the user is guaranteed access and electronic signature capabilities of a level equivalent to the advanced signature based on a recognized certificate, according to the Spanish Electronic Signature Law and the European Electronic Signature Directive.
  • The person skilled in the art will understand that the invention has been described according to some preferred embodiments thereof, but that multiple variations can be introduced in said preferred embodiments without departing from the object of the invention as claimed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a method for generating a digital identity of a user (100) of a mobile device (10), said identity being based on a digital certificate generated by a certification authority. The mobile device (10) has an associated first mobile identification number (MSISDN). The user has access to an executable application (11) installed on the mobile device or on a second device capable of running the application, which: comprises a key container for storing at least one public key and one private key associated with said first mobile identification number; has an associated unique application identifier; and includes connection logic with a mobile identity server (30). The method comprises a series of steps in which the user's mobile digital identity is generated from the first mobile identity number (MSISDN), the digital certificate of said user and the unique application identifier. The invention also relates to the generated digital identity of a user (100) and to a method for authenticating a user using said digital identity. The invention further relates to an application (11) installable on a mobile device (10) or on a second device capable of running said application, for generating a digital identity of a user (100) of said mobile device (10).
PCT/ES2015/070001 2015-01-05 2015-01-05 Method for generating a digital identity of a user of a mobile device, user digital identity, and authentication method using said user digital identity Ceased WO2016110601A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP15845504.8A EP3065435A4 (fr) 2015-01-05 2015-01-05 Method for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication method using said digital identity of the user
US15/027,110 US20160360403A1 (en) 2015-01-05 2015-01-05 Procedure for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication procedure using said digital identity of the user
PCT/ES2015/070001 WO2016110601A1 (fr) 2015-01-05 2015-01-05 Method for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication method using said digital identity of the user
ES201690020A ES2589141B1 (es) 2015-01-05 2015-01-05 Method for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication method using said digital identity of the user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/ES2015/070001 WO2016110601A1 (fr) 2015-01-05 2015-01-05 Method for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication method using said digital identity of the user

Publications (1)

Publication Number Publication Date
WO2016110601A1 true WO2016110601A1 (fr) 2016-07-14

Family

ID=56355551

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ES2015/070001 Ceased WO2016110601A1 (fr) 2015-01-05 2015-01-05 Method for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication method using said digital identity of the user

Country Status (3)

Country Link
US (1) US20160360403A1 (fr)
EP (1) EP3065435A4 (fr)
WO (1) WO2016110601A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BE1023971B1 (fr) * 2016-08-02 2017-09-26 Portima Cvba/Scrl Method for the electronic signature of a document
WO2022200806A1 (fr) * 2021-03-26 2022-09-29 Rewire Holding Ltd System and method for a payment system

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753882B (zh) * 2013-12-30 2020-06-16 腾讯科技(深圳)有限公司 Network service verification method, system and server
US10805071B2 (en) * 2014-10-13 2020-10-13 Invenia As Method and system for protecting and sharing digital data between users in a network
CN106161350B (zh) * 2015-03-31 2020-03-10 华为技术有限公司 Method and apparatus for managing application identifiers
US9942757B2 (en) * 2016-01-19 2018-04-10 Google Inc. Identifying a mobile computing device
US10475272B2 (en) 2016-09-09 2019-11-12 Tyco Integrated Security, LLC Architecture for access management
EP3497950B1 (fr) 2016-11-21 2024-03-20 Hewlett-Packard Development Company, L.P. Presence identification
IT201600132156A1 (it) * 2016-12-29 2018-06-29 Infocert S P A Electronic signature of transactions between users and remote providers through the use of two-dimensional codes
US10726478B2 (en) 2017-01-17 2020-07-28 Fair Ip, Llc Data processing system and method for facilitating transactions with user-centric document access
US10878497B2 (en) 2017-01-17 2020-12-29 Fair Ip, Llc System and method for low friction operator interface on a mobile device
EP3583758B1 (fr) * 2017-02-17 2021-04-07 Equifax, Inc. Universal digital identity authentication service
CZ2017165A3 (cs) * 2017-03-23 2018-10-03 Software602 A.S. User authentication by a mobile device into third-party applications
US10887098B2 (en) 2017-11-15 2021-01-05 Alexander J. M. Van Der Velden System for digital identity authentication and methods of use
US11025419B2 (en) 2017-11-15 2021-06-01 Alexander J. M. Van Der Velden System for digital identity authentication and methods of use
GB2569784B (en) * 2017-12-19 2020-01-01 Goel Anil System and method of operating an email service for mobile telephones
CN111064574B (zh) * 2018-10-16 2023-01-10 金联汇通信息技术有限公司 Digital certificate generation method, authentication method and electronic device
US10536846B1 (en) 2019-03-09 2020-01-14 International Business Machines Corporation Secure optical data exchange for stand alone certificate authority device
US11240369B2 (en) 2019-03-09 2022-02-01 International Business Machines Corporation Dedicated mobile device in support of secure optical data exchange with stand alone certificate authority
US11206140B2 (en) 2019-03-09 2021-12-21 International Business Machines Corporation Optical communication mounting frame in support of secure optical data exchange with stand alone certificate authority
KR102118282B1 (ko) * 2019-03-20 2020-06-09 주식회사 엔디소프트 Method for automating usage authentication (login information authentication) in given app content
EP3734902A1 (fr) * 2019-04-29 2020-11-04 Siemens Aktiengesellschaft Method and system for assigning public security certificates, engineering or control system, and technical installation
US11503026B2 (en) 2019-05-28 2022-11-15 Alexander J. M. Van Der Velden Email address with identity string and methods of use
US11811739B2 (en) * 2021-01-06 2023-11-07 T-Mobile Usa, Inc. Web encryption for web messages and application programming interfaces
WO2022159868A1 (fr) * 2021-01-25 2022-07-28 Airedge, Inc. Methods and systems for facilitating secure communications and transactions between devices
CN114900321B (zh) * 2022-07-14 2022-10-14 云上人和物联科技有限公司 System and method for autonomous generation of real-name electronic identity credentials

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008141948A1 (fr) * 2007-05-24 2008-11-27 International Business Machines Corporation Mobile device having an obscured mobile device user identity
WO2010045426A1 (fr) * 2008-10-16 2010-04-22 Verisign, Inc. Transparent client authentication
US20120066767A1 (en) * 2010-09-13 2012-03-15 Nokia Corporation Method and apparatus for providing communication with a service using a recipient identifier
US20140075524A1 (en) * 2012-09-11 2014-03-13 Authenticade Llc System and method to establish and use credentials for a common lightweight identity through digital certificates

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE59913616D1 (de) * 1999-10-01 2006-08-03 Swisscom Mobile Ag Method for verifying, in a mobile device, the authenticity of electronic certificates issued by a certification authority, and corresponding identification module
DE10149129A1 (de) * 2001-10-05 2003-04-24 Deutsche Telekom Ag Method for generating an authentic electronic certificate
ITBS20080031A1 (it) * 2008-02-11 2009-08-12 Alberto Gasparini Method and mobile telephone for registering and authenticating a user with a service provider
US8499154B2 (en) * 2009-01-27 2013-07-30 GM Global Technology Operations LLC System and method for establishing a secure connection with a mobile device
AU2011309758B2 (en) * 2010-09-30 2015-08-13 Entersekt International Limited Mobile handset identification and communication authentication
US9083703B2 (en) * 2012-03-29 2015-07-14 Lockheed Martin Corporation Mobile enterprise smartcard authentication
US10356204B2 (en) * 2012-12-13 2019-07-16 Microsoft Technology Licensing, Llc Application based hardware identifiers
US9397980B1 (en) * 2013-03-15 2016-07-19 Microstrategy Incorporated Credential management
US9143497B2 (en) * 2013-07-19 2015-09-22 Symantec Corporation Systems and methods for securing email in mobile devices
US9674173B2 (en) * 2014-04-10 2017-06-06 Blue Cedar Networks, Inc. Automatic certificate enrollment in a special-purpose appliance
US9529985B2 (en) * 2014-05-15 2016-12-27 Verizon Patent And Licensing Inc. Global authentication service using a global user identifier
TWI628944B (zh) * 2014-08-25 2018-07-01 蘋果公司 Method for enabling an electronic subscriber identity module on an embedded universal integrated circuit card of a mobile device, and related non-transitory computer-readable storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008141948A1 (fr) * 2007-05-24 2008-11-27 International Business Machines Corporation Mobile device having an obscured mobile device user identity
WO2010045426A1 (fr) * 2008-10-16 2010-04-22 Verisign, Inc. Transparent client authentication
US20120066767A1 (en) * 2010-09-13 2012-03-15 Nokia Corporation Method and apparatus for providing communication with a service using a recipient identifier
US20140075524A1 (en) * 2012-09-11 2014-03-13 Authenticade Llc System and method to establish and use credentials for a common lightweight identity through digital certificates

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BE1023971B1 (fr) * 2016-08-02 2017-09-26 Portima Cvba/Scrl Method for the electronic signature of a document
WO2018024445A1 (fr) * 2016-08-02 2018-02-08 Portima Scrl Method for the electronic signature of a document by means of a smartphone
GB2555167A (en) * 2016-08-02 2018-04-25 Portima Scrl Method for the electronic signature of a document
WO2022200806A1 (fr) * 2021-03-26 2022-09-29 Rewire Holding Ltd System and method for a payment system

Also Published As

Publication number Publication date
EP3065435A4 (fr) 2017-04-19
US20160360403A1 (en) 2016-12-08
EP3065435A1 (fr) 2016-09-07

Similar Documents

Publication Publication Date Title
WO2016110601A1 (fr) Method for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication method using said digital identity of the user
ES2739896T5 (es) Secure access to data of a device
ES2891309T3 (es) Encryption method and system
US10313136B2 (en) Method and a system for verifying the authenticity of a certificate in a web browser using the SSL/TLS protocol in an encrypted internet connection to an HTTPS website
ES2553222T3 (es) Enhanced 2CHK authentication security with query transactions
ES2713390T3 (es) Method for verifying the identity of a user of a communicating terminal, and associated system
RU2638741C2 (ru) Method and system for user authentication by means of a mobile device using certificates
ES2687191T3 (es) Network authentication method for secure electronic transactions
ES2826599T3 (es) Method for generating an electronic signature
ES2306759T3 (es) Method for validating PKI functions on a smart card
US10637818B2 (en) System and method for resetting passwords on electronic devices
US8769289B1 (en) Authentication of a user accessing a protected resource using multi-channel protocol
US10147092B2 (en) System and method for signing and authenticating secure transactions through a communications network
ES2774397A1 (es) Method and system for recovering cryptographic keys of a blockchain network
ES2984852T3 (es) Issuance of a verifiable digital credential
BR102014015748A2 (pt) System for the electronic signature of an electronic document using a payment card
US10579984B2 (en) Method for making contactless transactions secure
ES3040206T3 (en) Method for processing a transaction, device, system and corresponding program
KR20190114433A (ko) Blockchain-based authorization authentication method, terminal, and server using same
KR20190114432A (ko) Blockchain-based authorization authentication method, terminal, and server using same
JP2021519966A (ja) Remote biometric identification
Khan et al. Offline OTP based solution for secure internet banking access
US20190007218A1 (en) Second dynamic authentication of an electronic signature using a secure hardware module
WO2016030132A1 (fr) Data signing method, and corresponding first device and system
ES2923919T3 (es) Protection of a P2P communication

Legal Events

Date Code Title Description
REEP Request for entry into the european phase

Ref document number: 2015845504

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 15027110

Country of ref document: US

Ref document number: P201690020

Country of ref document: ES

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15845504

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE